
Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
@ledgerhq/hw-app-str
Advanced tools
GitHub, Ledger Devs Discord, Developer Portal
Ledger Hardware Wallet Stellar JavaScript bindings.
You may be using this package to communicate with the Stellar Nano App.
For a smooth and quick integration:
All functions may throw an error, it's important to handle the errors properly.
We have written corresponding classes for exceptions that developers should actively handle, you can find them in the API section.
Error thrown when hash signing is not enabled on the device.
Error thrown when data parsing fails.
For example, when parsing the transaction fails, this error is thrown.
Error thrown when the user refuses the request on the device.
Error thrown when the data is too large to be processed by the device.
Stellar API
transport
Transport a transport for sending commands to a devicescrambleKey
a scramble key (optional, default "l0v"
)import Str from "@ledgerhq/hw-app-str";
const str = new Str(transport)
Get Stellar application configuration.
str.getAppConfiguration().then(o => o.version)
Returns Promise<{version: string, hashSigningEnabled: boolean, maxDataSize: number?}> an object with the application configuration, including the version, whether hash signing is enabled, and the maximum data size in bytes that the device can sign.
Get Stellar raw public key for a given BIP 32 path.
path
string a path in BIP 32 formatdisplay
if true, the device will ask the user to confirm the address on the device, if false, it will return the raw public key directly (optional, default false
)str.getPublicKey("44'/148'/0'").then(o => o.rawPublicKey)
Returns Promise<{rawPublicKey: Buffer}> an object with the raw ed25519 public key. If you want to convert it to string, you can use StrKey.encodeEd25519PublicKey
Sign a Stellar transaction.
path
string a path in BIP 32 formattransaction
Buffer signature base of the transaction to signstr.signTransaction("44'/148'/0'", signatureBase).then(o => o.signature)
Returns Promise<{signature: Buffer}> an object with the signature
Sign a Stellar Soroban authorization.
path
string a path in BIP 32 formathashIdPreimage
Buffer the Soroban authorization hashIdPreimage to signstr.signSorobanAuthorization("44'/148'/0'", hashIdPreimage).then(o => o.signature)
Returns Promise<{signature: Buffer}> an object with the signature
Sign a hash.
str.signHash("44'/148'/0'", hash).then(o => o.signature)
Returns Promise<{signature: Buffer}> an object with the signature
FAQs
Ledger Hardware Wallet Stellar Application API
The npm package @ledgerhq/hw-app-str receives a total of 11,706 weekly downloads. As such, @ledgerhq/hw-app-str popularity was classified as popular.
We found that @ledgerhq/hw-app-str demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
Research
A malicious package uses a QR code as steganography in an innovative technique.
Research
/Security News
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.